<!DOCTYPE html>
<html lang="en-US">
<head>
    <title>XSS Testing Page</title>
    <script type="text/javascript">
    document.cookie="session_id=test_session_id_123";
    </script>
</head>
<body>
    <div ring="0" w="0" r="0" x="0" id="main_content" nonce="fea13a124">
        <div ring="1" w="0" r="0" x="0" id="site_content" nonce="fea13a124">
            <h1>CS5231 System Security</h1>
            <ol>
               <li>XSS</li>
               <li>Ring-based Access Control</li>
            </ol>
        </div>
        <div ring="2" w="0" r="1" x="1" class="third_party" nonce="fea13a124">
            <h3>CS5331 Web Security</h3>
            <ul>
               <li>CSRF</li>
               <li>SQL Injection</li>
            </ul>
            <pre><code>
            var site_div = window.document.getElementById('site_content');
            var site_content = site_div.innerText;
            console.log('site_content: \'' + site_content + '\'');
            var t_party = document.getElementsByClassName('third_party');
            var tpc = t_party.innerText;
            console.log('third_party: \'' + tpc + '\'');
            </code></pre>
        </div>
        <div ring="2" w="0" r="1" x="0" id="user_content" nonce="fea13a124">
            <blockquote><p>Paragraph entered by user.</p></blockquote>
            <div ring="3" w="0" r="1" x="0">
                <img src="x" onerror="var test;test = document.cookie;alert(test)"/>
                <script>
                    var site_div = window.document.getElementById('site_content');
                    var site_content = site_div.innerText;
                    console.log('site_content: \'' + site_content + '\'');
                    var t_party = document.getElementsByClassName('third_party');
                    var tpc = t_party.innerText;
                    console.log('third_party: \'' + tpc + '\'');
                </script>
            </div>
        </div>
    </div>
</body>
</html>
